Threat Intelligence Blog

LookingGlass Weekly Cyber Security Trends Report: May 19, 2015

Welcome to the Cyveillance Weekly Cyber Security Trends Report

Since threat intelligence is constantly evolving, we publish this weekly cyber security trends report to keep our customers updated on the latest threats across a variety of industries. You can read an abridged version below. Follow us on Twitter and subscribe to our blog to make sure you don’t miss any of the latest security articles from Cyveillance experts.

Insurance/Healthcare

According to a recent study conducted by the Ponemon Institute and sponsored by ID Experts, 91 percent of healthcare organizations have suffered at least one data breach in the past two years, 39 percent have experienced two to five data breaches, and 40 percent have suffered more than five.

– eSecurityPlanet

Legal and Regulations

On May 13, the United States and Japan will become contracting parties to the Hague System for the International Registration of Industrial Designs. The Hague System allows the filing of a single international design application that can lead to design protection in more than 50 jurisdictions, including the European Union, Korea and now the U.S. and Japan.

Generic drugmaker Ranbaxy Laboratories Ltd has been sued in a district court in the United States for allegedly manipulating U.S. Food and Drug Administration rules for years to keep rival generic drugs out of the market. Ranbaxy filed “grossly inadequate” applications seeking approval for its drugs and deceived the FDA into granting approvals and giving the company market exclusivity, the class action lawsuit asserts. It was filed by U.S. retailer Meijer Inc on Tuesday in the U.S. District Court in Massachusetts.

Starbucks’ customers are reporting that hundreds of dollars have been stolen from their credit cards after receiving emails saying the passwords and login details for the coffee company’s mobile app had been reset. While details of exactly how the attacks are taking place are still unclear, it appears that credentials leaked in previous cyberattacks could be used to allow hackers to siphon off money from Starbucks’ customers.

Cyber-criminals are leveraging Microsoft help files (CHM) to deliver malware to users through a method that could go completely undetected by anti-virus products.

Telecommunications

The Wall Street Journal reported that regulators are going to approve AT&T’s $49 billion acquisition of DirecTV. According to inside sources, regulators are unlikely to impose conditions that will worry AT&T.

The Chinese threat actor known as APT17 and DeputyDog has been using profile pages and forum threads on Microsoft’s TechNet web portal to host IP addresses for command and control (C&C) servers. Experts have determined that the attackers haven’t actually compromised Microsoft’s website. Instead, they are using the portal’s legitimate functionality to host encoded strings that hide C&C IP addresses. The group has been targeting United States government organizations, the military, law firms, defense contractors, IT firms, mining companies, and NGOs. One of the tools it leverages is BLACKCOFFEE, a backdoor that can be used to upload and download files, create a reverse shell on the infected system, enumerate files and processes, manipulate files, and terminate processes.